new discussion 1 hour 1 min ago
Anyone have any fine detail on the inner workings of the cloud lookup on desktops?  I am looking for more detail on the internet communication, I can only presume (hope) that the realtime scanner isn't having to go to the internet for the operating files.  I am also wondering once a locally installed application is scanned once, it's never looked up in the internet for a second time?
new discussion 1 hour 19 min ago
Is it possible to use a managed SED client with shared mailboxes? 
updated blog entry 1 hour 31 min ago
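Updated: May 23, 2017 0:30 (GMT): Symantec has found further close links between the WannaCry cyber attack and the Lazarus group. For more details, see the blog post: WannaCry: Ransomware attacks closely linked to the Lazarus group. Updated: May 15, 2017 23:24:21 (GMT): Symantec has found two potential links between the WannaCry ransomware cyber attack and the Lazarus group. Known co-occurrence of Lazarus and WannaCry ransomware: Symantec found that machines on which WannaCry-specific tools were present were also infected with earlier versions of WannaCry. These earlier variants of WannaCry could not spread via SMB. The Lazarus tools may have been used as a way to spread WannaCry, but this has not been confirmed. Shared code: Google's Neel Mehta ...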
updated article 11 May 2017
The attached document will give you an overview of how to set up the Symantec Email Quarantine.
updated article 08 May 2017
Introduction By popular demand, below is an index of my Connect articles.  Illustrated, semi-formal and mildly amusing, I hope they assist admins and individuals along their neverending quest to find a safe path in this ever more dangerous world.... Security Series The first article, Using SEPM Alerts and Reports to Combat a Malware Outbreak, demonstrated how to use ...
updated article 08 May 2017
Introduction This is the sixteenth in my Security Series of Connect articles.  For more information on how to keep your enterprise environment secure using often-overlooked capabilities of Symantec Endpoint Protection (and the OS upon which it functions), see Mick's Greatest Hits: Index of Helpful Connect Security Articles. This article begins a new mini-series about a much misunderstood ...
new article 08 May 2017
Is it possible to monitor specific progress status with Host Integrity (HI) policy in endpoint protection? The answer is yes. Here is a simple example of how to set the requirement in HI policy. Detailed steps are below: 1. Edit HI policy --> click Requirements --> click "add" button --> select client platform: Windows and select "Custom requirement", click Ok: 2. On the custom requirement ...
updated blog entry 11 hours 2 min ago
[This is part five of a series of blog posts providing some of the backstory for my RSA presentation on Search Engine Poisoning. There was a lot of material that simply wouldn't fit into 45 minutes...] RESEARCH QUESTION #3: WHAT ABOUT CELEBRITY SEARCHES? Probably the single most interesting part of the chart in Part 4 was the "Celebrity" SEP category. Just 2.7%??? Don't we all know that the ...
updated blog entry 11 hours 8 min ago
[This is part four of a series of blog posts providing some of the backstory for my RSA presentation on Search Engine Poisoning. There was a lot of material that simply wouldn't fit into 45 minutes...] RESEARCH QUESTION #2: Seeing that no really interesting results -- well, at least, not enough for a conference-length presentation -- were going to come from the "who's the safest search ...
updated blog entry 11 hours 19 min ago
[This is part three of a series of blog posts providing some of the backstory for my RSA presentation on Search Engine Poisoning. There was a lot of material that simply wouldn't fit into a 45-minute presentation...] WHO'S THE SAFEST SEARCH ENGINE? So, late last Summer, seeing that SEP was such a dominant attack vector, we talked about what sort of research focus would make for an interesting ...
updated blog entry 11 hours 27 min ago
[This is part two of a series of blog posts providing some of the backstory on my upcoming RSA presentation on Search Engine Poisoning. There was a lot of material that simply wouldn't fit into a 45-minute presentation...] Before looking into the details of what the Bad Guys are up to these days in the realm of SEP, we need to look back to see how we got here. The simplest way to do that, I ...
updated blog entry 12 hours 15 min ago
[This is the first of a series of blog posts providing some of the backstory on my upcoming RSA presentation on Search Engine Poisoning. There were a lot of screenshots and accompanying notes that simply wouldn't fit into a 45-minute presentation...] Two years ago, I gave a presentation at RSA on Search Engine Poisoning. It was fun, but my malware research afterwards gradually moved on to ...
updated blog entry 12 hours 29 min ago
About once a year, we see a security report highlighting celebrities that are "dangerous" to search for. And about once a year we publish our own research that debunks this notion (like these two posts, from 2014 and 2012). The latest list of "most dangerous celebrities" was as follows: Armin van Buuren Luke Bryan Usher Britney Spears Jay Z Katy Perry Amy Schumer Betty White Lorde Nina ...
updated blog entry 13 hours 32 min ago
One of my all-time favorite posts involved looking at the traffic of a shady "warez" (downloads) network, where the malware payloads were being served in response to specific search terms. Since the Bad Guys coded the EXE file they returned to match the search terms, we could tally up the various sorts of content searches that had led the victims into the malware network. During the course of ...
updated blog entry 13 hours 40 min ago
Starting June 2017, Symantec will begin deploying the next version of the Email Quarantine to Symantec Email Security.cloud customers. The latest version of the Symantec Email Quarantine includes a number of new features and improvements including: New, mobile-optimized experience for users Users can release emails to administrators for further investigation Administrators have greater ...
updated download 25 Apr 2017
Symantec DCS Policy Utility v1.0.0.11 For Windows OS (Note .NET Framework 4.5 is required) Designed to help you tune your policy by processing the log files from an Agent. There's a getting started tab that explains the best steps to get the logs and events you need to troubleshoot your policy. The program does not make any changes to the machine or policy. It parses the sisidsevents and ...
updated download 17 Apr 2017
The database space reclamation utility lets you reclaim unused incident LOB space in your Symantec Data Loss Prevention Oracle 11g Standard database. You can use the database space reclamation utility after migrating incident attachments to external storage, or after deleting a large number of incidents.
new event 18 May 2017
WEBINAR: Using the NIST Cybersecurity Framework to Identify PHI TIME: 10:00 AM (PST) / 1:00 PM (EST) SPEAKERS: Axel Wirth, CPHIMS, CISSP, HCISPP, Technical Architect, Symantec & Vishal Gupta, VP, Engineering/Product Management, Symantec Part 2 of 7: The NIST Cybersecurity Framework Healthcare Webinar Series Of the 16 critical infrastructure sectors, healthcare is the only one yet to ...
updated event 17 May 2017
WEBINAR ON-DEMAND VIEW ANY TIME Don’t Cry Over WannaCry Ransomware WannaCry is big but how big is it really? It’s important to understand how this piece of ransomware is operating, what you can do to stop it and what to do if you’ve been compromised. Join us to learn what Symantec customers and non-customers can do against this threat and future threats like it.
new event 10 May 2017
WEBINAR:  Symantec Endpoint Protection 14: Part 5 of 5: A Step-By-Step Approach for Endpoint Detection & Response TIME: 10:00 AM (PST) / 1:00 PM (EST) SPEAKER: Scott Hardie, System Engineer, Symantec Endpoint Detection and Response (EDR) was developed as a way to address Advanced Persistent Threats (APTs). It is the sneakiness of APTs that makes them so dangerous and so difficult ...
updated event 08 May 2017
WEBINAR: Data-Centric Security: A Best Practice Approach TIME: 10:00 AM PT / 1:00 PM ET DATE: June 22, 2017 SPEAKERS: Guest Speaker Heidi Shey - Senior Analyst at Forrester and Nico Popp - SVP Engineering,  Information Protection at Symantec Keeping data safe pays dividends for protecting your reputation and retaining trust. No-one wants to suffer a breach, let alone a mega ...
updated event 02 May 2017
(Agenda will be decided in spring 2017.)
updated event 02 May 2017
(Agenda should be nailed down by April 2017.)
updated event 27 Apr 2017
Please join us for 1.5 days of exclusive training on Symantec Control Compliance Suite on May 16-17 in Chicago.  This FREE technical workshop will include deep dives on a range of topics such as: Best practices for deployment, configuration, scalability, and troubleshooting Vulnerability management Control Compliance Suite platform generic collector and script engine Check ...
new event 26 Apr 2017
WEBINAR: 2017 Internet Security Threat Report (ISTR): A Review of the Threat Landscape TIME: 10:00 AM (PST) / 1:00 PM (EST) DATE: May 16, 2017 SPEAKER: Kevin Haley, Director of Product Management for Symantec Security Technology and Response 2016 saw major shifts in techniques used by targeted attackers, the continued rise of ransomware and significant attacks from IoT ...
new video 28 Apr 2017
This video forms part of a series which describes the actions administrators will need to take in order to set up the Symantec Email Quarantine when they are using the Symantec Email Security.cloud service. This video focuses on creating the correct user permissions in the ClientNet portal to ensure that the quarantine administrator may take all necessary actions.
new video 27 Apr 2017
This video forms part of a series which describes the actions that administrators will need to take in order to set up the Symantec Email Quarantine when they are using the Symantec Email Security.cloud service. This video looks at the Quarantine portal and some of the more common actions that administrators may wish to take, such as customizing the Email Notifications that are generated to end ...
new video 27 Apr 2017
This video forms part of a series which describes the actions that administrators will need to take in order to set up the Symantec Email Quarantine when they are using the Symantec Email Security.cloud service. This video looks at the Quarantine options in ClientNet itself and the various options available for quarantine administrators to configure.
updated video 27 Apr 2017
This video forms part of a series which describes the actions that administrators will need to take in order to set up the Symantec Email Quarantine when they are using the Symantec Email Security.cloud service. In this video you will be walked through how to turn on quarantine settings for the services that are included in your bundle: either Anti-Spam only, or Anti-Spam, Data Protection ...
updated video 10 Feb 2017
The world is changing. We are entering another era of IT, where enterprises are experiencing a fundamental shift in the way their workforce consumes technology. Personally owned devices ubiquitously connected in today’s world, are giving way to cloud-based applications and repositories in almost every region and vertical. The shift of workloads to cloud applications such as Office365, Google ...
new idea 20 hours 52 min ago
I have been working on DLP for more than 5+ yrs, and I feel many times that there should be one more filter present before pulling the reports. The filter must allow setting the date or time of the last communicated/connected time, which will help us to get precise reports.
new idea 22 May 2017
Want to be able to whitelist/exclude USB devices that we don't want blocked by the USB device Control option when it is set to "BLOCKED". Currently it would block all USB devices including printers and wireless keyboards/mice due to the blocking, and we need to enter a password to unblock it till the machine reboots.
updated idea 22 May 2017
We have a content filtering policy set up as per the screenshot below. It checks on outbound emails whether a domain of a recipient in the recipient field of a message matches an entry in a managed dictionary or matches some specific "wildcard" type domains. If one of the conditions is met it will force the email to go via TLS. The domains specified in the dictionary and the conditions ...
new idea 19 May 2017
Many of your customers are expressing an urgent need to receive Attacker IP Address in SEP email alerts. In addition, I would like to find this information somewhere in the affected computer's log files or Windows event log. Without this information, it takes much more time to log onto your web site and retrieve and we cannot script a response in our firewalls, etc.
new idea 16 May 2017
We currently have SEP v14 MP1 installed in our environment.  I've seen some other endpoint protection products that track the footsteps of a threat on a compromised computer.  Some even put this in graphical form to make it easier to see the big picture of what was accessed.  It would be great if Symantec would incorporate something like this into SEP.
new idea 15 May 2017
When creating, editing or modifying Symantec Endpoint Protection's Application and Device Control policies, you sometimes need to restart the computer to force the rules to take effect. Would like to request this behavior be changed to prevent the need to restart, especially when trying to use Application and Device Control to block  malicious software from running prior to detection ...
new idea 15 May 2017
We don't want users to have a pop-up appear for every single clean file.  It would be great if notifications for clean files could be turned off. Obviously we want to keep the notifications of files that have problems.  I know that notifications can be turned off through the back end of Symantec on the local machines, but that turns off all notifications. Ideally it ...

A Message From Your Community Manager: RGMDonaldson

Welcome to the Security Community on Symantec Connect.

The Security Community covers many different security products from Symantec and provides valuable technical information for each.

Please feel free to contact me via private message with any questions you may have.

I look forward to hearing from you and answering any questions about the Community.
